Password or MAC filter?

[Roman]

Hey,

I'm curious: when you're setting up a router, which is more "secure" - putting in a password or a MAC address filter? By secure I mean which would be harder to bypass.

Thanks in advance,

Cheers,
-Roman Z.

[Insectoid]

A MAC filter I think, because a password can be broken in a relatively short amount of time depending on the encriptionwhereas it's quite difficult to face a MAC.

[BigBear]

Mac address

but it would be a pain when a friend comes over etc

[DtY]

MAC address filters are not secure at all. WEP encryption is cracked, WPA is not.

all you have to do to bypass a MAC address filter is wait until someone disconnects from the network, and then spoof their address.

[[Gandalf]]

Whatever form of security it allows except WEP encryption or MAC filtering. WPA2 is generally a fine option.

[rdrake]

Can't you, like, spoof MAC addresses?

[andrew.]

Yeah, but how would they know what MAC address to spoof? My router at home has a DHCP server running with only our devices set up, a MAC filter, and a WEP code. Even though it has WEP security, I think it's pretty safe because of the other things and also because it's hidden. Even if it's unsafe, there's not much else I can do except buy a new router.

[DtY]

andrew. @ Thu Sep 17, 2009 10:06 pm wrote:

Yeah, but how would they know what MAC address to spoof? My router at home has a DHCP server running with only our devices set up, a MAC filter, and a WEP code. Even though it has WEP security, I think it's pretty safe because of the other things and also because it's hidden. Even if it's unsafe, there's not much else I can do except buy a new router.

You watch what other MAC addresses are connecting. It's a lot of work when there are probably open networks on all sides of you, but once they know the address to spoof, they can keep using the same one.

[octopi]

andrew. @ Thu Sep 17, 2009 10:06 pm wrote:

Yeah, but how would they know what MAC address to spoof?

How would people know what password to use to break in?.....brute force and/or monitoring data transfer

[andrew.]

What would happen if they connect while another device with the same MAC address is connecting? Would it not allow them to connect, or would they both connect or none of them? If they both connect, could that mean that the packets sent out would be picked up by both?

[DtY]

andrew. @ Fri Sep 18, 2009 2:43 pm wrote:

What would happen if they connect while another device with the same MAC address is connecting? Would it not allow them to connect, or would they both connect or none of them? If they both connect, could that mean that the packets sent out would be picked up by both?

They'd both receive the packets (actually, everyone receives every packet on a wireless netowrk, but I'm pretty sure both computers would accept them as their own). (And now that I think about it, the access point might boot you if someone is already connected with that MAC address, but if not, you should get the same IP address as the other computer)

[BigBear]

So does a router assign a local address based on mac address or just gives one when you log on?

[Tony]

MAC address comes into play for static local IPs. For more detail, see http://en.wikipedia.org/wiki/DHCP

[DtY]

BigBear @ Fri Sep 18, 2009 3:50 pm wrote:

So does a router assign a local address based on mac address or just gives one when you log on?

You get one when you connect (assuming DHCP is on), that you get for a certain amount of time before your computer asks for a new one. Afaik, there's no guarantee at all you'll get the same (local) IP address again, but with my experience with DD-WRT is that you'll always get the same one (though I'm sure you wont if it runs out and has to recycle yours while you're not on)
If you want ti know more, read the article Tony linked to

[BigBear]

So then the question is what is easier to obtain a password or a mac address.

And if you cannot connect at certain times or get kick off repeatedly wouldn't you look into that.

I'm still think Mac address is safer